| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 17 Mar 2016 20:18:25 -0700
From: Linus Torvalds <torvalds@...ux-foundation.org>
To: Rich Felker <dalias@...c.org>
Cc: Linux-sh list <linux-sh@...r.kernel.org>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
Geert Uytterhoeven <geert@...ux-m68k.org>,
Stephen Rothwell <sfr@...b.auug.org.au>,
Yoshinori Sato <ysato@...rs.sourceforge.jp>
Subject: Re: [GIT PULL] arch/sh updates for 4.6
On Thu, Mar 17, 2016 at 3:04 PM, Rich Felker <dalias@...c.org> wrote:
>
> Using git.libc.org for the sh tree is only temporary until we get one
> setup on kernel.org, which is pending getting signatures on my key. I
> hope to resolve that at ELC next month. Let me know if there's
> anything you'd like me to do in the mean time to establish some
> alternate basis of trust for these commits; hopefully it's less of an
> issue being that they're not touching anything but a previously
> unmaintained arch.
I really want to see signed tags when pulling from non-kernel.org places.
Even if you don't have signatures I can check on your keys, I want to
see your key used for signing anyway, so that when your next pull
request comes in I see that it's the same key (and hopefully you
_will_ have signatures on your key eventually).
So please send me a signed tag to pull rather than just a branchname, ok?
Linus
Powered by blists - more mailing lists